Cisco Support Community

4500 Access Lists

I am running into some confusion here that hopefully someone can help me out with.

We have a 3005 concentrator, a 4503 and about 100 2950s. The network is VLAN routed.

By default we only have the 3005 looking to the server resources. All desktops and labs are not accessible through the VPN.

We have a remote developer that was allowed to work from home. He needs access to the lab segment.

3005 is on servers are on and the lab is on

We put a route in the 3005 so access to the lab is available, but we need to restrict all other access. We are running Win2k Active Directory, so we assigned him a static IP for remote access. What I would like to do is access-list the VLAN connected to the lab so only he can access it and all others will be discarded.

I created an access-list like this.

access-list VPN_Access permit udp host host eq 10000

access-list VPN_Access permit udp host host eq 10000

access-list VPN_Access deny udp any any eq 10000

Now I have these created but I do not have them assigned to the VLAN.

My question is: for VPN traffic using port 10000, is this the right way to do it? Also, which VLAN would it be best to assign to: the one where the is assigned or the one where the is assigned?

We never really had to do this before, so that's why I am asking. I don't want to do the wrong thing.

Any input would be appreciated.



Re: 4500 Access Lists


I don't see anything wrong in using port 10000 for VPN traffic. I think you should assign it to
